Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for ichitaro_government_8 by justsystems

    CVE-2023-38128 (GCVE-0-2023-38128)

    Vulnerability from nvd – Published: 2023-10-19 17:00 – Updated: 2025-02-13 17:01
    VLAI
    Summary
    An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
    Assigner
    Impacted products
    Vendor Product Version
    Ichitaro 2023 Ichitaro 2023 Affected: 1.0.1.59372
    Create a notification for this product.
    Credits
    Discovered by a member of Cisco Talos.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:30:14.086Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809"
              },
              {
                "name": "https://jvn.jp/en/jp/JVN28846531/index.html",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN28846531/index.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38128",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T19:08:18.379467Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T19:08:27.600Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ichitaro 2023",
              "vendor": "Ichitaro 2023",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1.59372"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by a member of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds write vulnerability exists in the \"HyperLinkFrame\" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-20T17:06:10.274Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN28846531/index.html",
              "url": "https://jvn.jp/en/jp/JVN28846531/index.html"
            },
            {
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2023-38128",
        "datePublished": "2023-10-19T17:00:42.797Z",
        "dateReserved": "2023-07-17T22:09:40.438Z",
        "dateUpdated": "2025-02-13T17:01:45.749Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38127 (GCVE-0-2023-38127)

    Vulnerability from nvd – Published: 2023-10-19 17:00 – Updated: 2025-11-04 19:17
    VLAI
    Summary
    An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Vendor Product Version
    Ichitaro 2023 Ichitaro 2023 Affected: 1.0.1.59372
    Create a notification for this product.
    Credits
    Discovered by a member of Cisco Talos.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:17:16.966Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808"
              },
              {
                "name": "https://jvn.jp/en/jp/JVN28846531/index.html",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN28846531/index.html"
              },
              {
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1808"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38127",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T19:06:59.215037Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T19:07:07.906Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ichitaro 2023",
              "vendor": "Ichitaro 2023",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1.59372"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by a member of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An integer overflow exists in the \"HyperLinkFrame\" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190: Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-20T17:00:06.976Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN28846531/index.html",
              "url": "https://jvn.jp/en/jp/JVN28846531/index.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2023-38127",
        "datePublished": "2023-10-19T17:00:43.288Z",
        "dateReserved": "2023-07-17T21:54:43.843Z",
        "dateUpdated": "2025-11-04T19:17:16.966Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-34366 (GCVE-0-2023-34366)

    Vulnerability from nvd – Published: 2023-10-19 17:00 – Updated: 2025-11-04 19:16
    VLAI
    Summary
    A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ichitaro 2023 Ichitaro 2023 Affected: 1.0.1.59372
    Create a notification for this product.
    Credits
    Discovered by a member of Cisco Talos.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:16:47.534Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758"
              },
              {
                "name": "https://jvn.jp/en/jp/JVN28846531/index.html",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN28846531/index.html"
              },
              {
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1758"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34366",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T18:05:09.536876Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T18:05:25.878Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ichitaro 2023",
              "vendor": "Ichitaro 2023",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1.59372"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by a member of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-20T17:00:06.097Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN28846531/index.html",
              "url": "https://jvn.jp/en/jp/JVN28846531/index.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2023-34366",
        "datePublished": "2023-10-19T17:00:43.773Z",
        "dateReserved": "2023-06-08T15:45:16.455Z",
        "dateUpdated": "2025-11-04T19:16:47.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-35126 (GCVE-0-2023-35126)

    Vulnerability from nvd – Published: 2023-10-19 16:02 – Updated: 2025-02-13 16:55
    VLAI
    Summary
    An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper Validation of Array Index
    Assigner
    Impacted products
    Vendor Product Version
    Ichitaro 2023 Ichitaro 2023 Affected: 1.0.1.59372
    Create a notification for this product.
    Credits
    Discovered by a member of Cisco Talos.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:23:59.476Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825"
              },
              {
                "name": "https://jvn.jp/en/jp/JVN28846531/index.html",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN28846531/index.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1825"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35126",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T19:10:44.900753Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T19:12:25.611Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ichitaro 2023",
              "vendor": "Ichitaro 2023",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1.59372"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by a member of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds write vulnerability exists within the parsers for both the \"DocumentViewStyles\" and \"DocumentEditStyles\" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129: Improper Validation of Array Index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-19T16:05:06.477Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN28846531/index.html",
              "url": "https://jvn.jp/en/jp/JVN28846531/index.html"
            },
            {
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1825"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2023-35126",
        "datePublished": "2023-10-19T16:02:29.998Z",
        "dateReserved": "2023-07-31T21:52:03.187Z",
        "dateUpdated": "2025-02-13T16:55:47.722Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36344 (GCVE-0-2022-36344)

    Vulnerability from nvd – Published: 2022-08-16 07:03 – Updated: 2024-08-03 10:00
    VLAI
    Summary
    An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.
    Severity
    No CVSS data available.
    CWE
    • Unquoted Search Path or Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    JustSystems Corporation JustSystems JUST Online Update for J-License' Affected: JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:00:04.308Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.justsystems.com/jp/corporate/info/js22001.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN57073973/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "JustSystems JUST Online Update for J-License\u0027",
              "vendor": "JustSystems Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unquoted search path vulnerability exists in \u0027JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T07:03:05.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.justsystems.com/jp/corporate/info/js22001.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN57073973/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-36344",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "JustSystems JUST Online Update for J-License\u0027",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "JustSystems Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unquoted search path vulnerability exists in \u0027JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Unquoted Search Path or Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.justsystems.com/jp/corporate/info/js22001.html",
                  "refsource": "MISC",
                  "url": "https://www.justsystems.com/jp/corporate/info/js22001.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN57073973/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN57073973/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-36344",
        "datePublished": "2022-08-16T07:03:05.000Z",
        "dateReserved": "2022-07-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:00:04.308Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10870 (GCVE-0-2017-10870)

    Vulnerability from nvd – Published: 2017-11-02 15:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file.
    Severity
    No CVSS data available.
    CWE
    • Memory Corrution vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    Justsystem Rakuraku Hagaki Affected: Rakuraku Hagaki 2018
    Affected: Rakuraku Hagaki 2017
    Affected: Rakuraku Hagaki 2016
    Create a notification for this product.
    Justsystem Rakuraku Hagaki Select for Ichitaro Affected: Ichitaro 2017
    Affected: Ichitaro 2016
    Affected: Ichitaro 2015
    Affected: Ichitaro Pro3
    Affected: Ichitaro Pro2
    Affected: Ichitaro Pro
    Affected: Ichitaro 2011
    Affected: Ichitaro Government 8
    Affected: Ichitaro Government 7
    Affected: Ichitaro Government 6
    Affected: Ichitaro 2017 Trial version
    Create a notification for this product.
    Date Public
    2017-11-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.579Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU93703434/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.justsystems.com/jp/info/js17003.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuraku Hagaki",
              "vendor": "Justsystem",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rakuraku Hagaki 2018"
                },
                {
                  "status": "affected",
                  "version": "Rakuraku Hagaki 2017"
                },
                {
                  "status": "affected",
                  "version": "Rakuraku Hagaki 2016"
                }
              ]
            },
            {
              "product": "Rakuraku Hagaki Select for Ichitaro",
              "vendor": "Justsystem",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ichitaro 2017"
                },
                {
                  "status": "affected",
                  "version": "Ichitaro 2016"
                },
                {
                  "status": "affected",
                  "version": "Ichitaro 2015"
                },
                {
                  "status": "affected",
                  "version": "Ichitaro Pro3"
                },
                {
                  "status": "affected",
                  "version": "Ichitaro Pro2"
                },
                {
                  "status": "affected",
                  "version": "Ichitaro Pro"
                },
                {
                  "status": "affected",
                  "version": "Ichitaro 2011"
                },
                {
                  "status": "affected",
                  "version": "Ichitaro Government 8"
                },
                {
                  "status": "affected",
                  "version": "Ichitaro Government 7"
                },
                {
                  "status": "affected",
                  "version": "Ichitaro Government 6"
                },
                {
                  "status": "affected",
                  "version": "Ichitaro 2017 Trial version"
                }
              ]
            }
          ],
          "datePublic": "2017-11-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Memory Corrution vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-02T14:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/vu/JVNVU93703434/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.justsystems.com/jp/info/js17003.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-10870",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rakuraku Hagaki",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rakuraku Hagaki 2018"
                              },
                              {
                                "version_value": "Rakuraku Hagaki 2017"
                              },
                              {
                                "version_value": "Rakuraku Hagaki 2016"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rakuraku Hagaki Select for Ichitaro",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ichitaro 2017"
                              },
                              {
                                "version_value": "Ichitaro 2016"
                              },
                              {
                                "version_value": "Ichitaro 2015"
                              },
                              {
                                "version_value": "Ichitaro Pro3"
                              },
                              {
                                "version_value": "Ichitaro Pro2"
                              },
                              {
                                "version_value": "Ichitaro Pro"
                              },
                              {
                                "version_value": "Ichitaro 2011"
                              },
                              {
                                "version_value": "Ichitaro Government 8"
                              },
                              {
                                "version_value": "Ichitaro Government 7"
                              },
                              {
                                "version_value": "Ichitaro Government 6"
                              },
                              {
                                "version_value": "Ichitaro 2017 Trial version"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Justsystem"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Memory Corrution vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/vu/JVNVU93703434/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/vu/JVNVU93703434/index.html"
                },
                {
                  "name": "https://www.justsystems.com/jp/info/js17003.html",
                  "refsource": "MISC",
                  "url": "https://www.justsystems.com/jp/info/js17003.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-10870",
        "datePublished": "2017-11-02T15:00:00.000Z",
        "dateReserved": "2017-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.579Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34366 (GCVE-0-2023-34366)

    Vulnerability from cvelistv5 – Published: 2023-10-19 17:00 – Updated: 2025-11-04 19:16
    VLAI
    Summary
    A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ichitaro 2023 Ichitaro 2023 Affected: 1.0.1.59372
    Create a notification for this product.
    Credits
    Discovered by a member of Cisco Talos.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:16:47.534Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758"
              },
              {
                "name": "https://jvn.jp/en/jp/JVN28846531/index.html",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN28846531/index.html"
              },
              {
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1758"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34366",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T18:05:09.536876Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T18:05:25.878Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ichitaro 2023",
              "vendor": "Ichitaro 2023",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1.59372"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by a member of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-20T17:00:06.097Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN28846531/index.html",
              "url": "https://jvn.jp/en/jp/JVN28846531/index.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2023-34366",
        "datePublished": "2023-10-19T17:00:43.773Z",
        "dateReserved": "2023-06-08T15:45:16.455Z",
        "dateUpdated": "2025-11-04T19:16:47.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-38127 (GCVE-0-2023-38127)

    Vulnerability from cvelistv5 – Published: 2023-10-19 17:00 – Updated: 2025-11-04 19:17
    VLAI
    Summary
    An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Vendor Product Version
    Ichitaro 2023 Ichitaro 2023 Affected: 1.0.1.59372
    Create a notification for this product.
    Credits
    Discovered by a member of Cisco Talos.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:17:16.966Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808"
              },
              {
                "name": "https://jvn.jp/en/jp/JVN28846531/index.html",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN28846531/index.html"
              },
              {
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1808"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38127",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T19:06:59.215037Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T19:07:07.906Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ichitaro 2023",
              "vendor": "Ichitaro 2023",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1.59372"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by a member of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An integer overflow exists in the \"HyperLinkFrame\" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190: Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-20T17:00:06.976Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN28846531/index.html",
              "url": "https://jvn.jp/en/jp/JVN28846531/index.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2023-38127",
        "datePublished": "2023-10-19T17:00:43.288Z",
        "dateReserved": "2023-07-17T21:54:43.843Z",
        "dateUpdated": "2025-11-04T19:17:16.966Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-38128 (GCVE-0-2023-38128)

    Vulnerability from cvelistv5 – Published: 2023-10-19 17:00 – Updated: 2025-02-13 17:01
    VLAI
    Summary
    An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
    Assigner
    Impacted products
    Vendor Product Version
    Ichitaro 2023 Ichitaro 2023 Affected: 1.0.1.59372
    Create a notification for this product.
    Credits
    Discovered by a member of Cisco Talos.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:30:14.086Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809"
              },
              {
                "name": "https://jvn.jp/en/jp/JVN28846531/index.html",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN28846531/index.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38128",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T19:08:18.379467Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T19:08:27.600Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ichitaro 2023",
              "vendor": "Ichitaro 2023",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1.59372"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by a member of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds write vulnerability exists in the \"HyperLinkFrame\" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-20T17:06:10.274Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN28846531/index.html",
              "url": "https://jvn.jp/en/jp/JVN28846531/index.html"
            },
            {
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2023-38128",
        "datePublished": "2023-10-19T17:00:42.797Z",
        "dateReserved": "2023-07-17T22:09:40.438Z",
        "dateUpdated": "2025-02-13T17:01:45.749Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-35126 (GCVE-0-2023-35126)

    Vulnerability from cvelistv5 – Published: 2023-10-19 16:02 – Updated: 2025-02-13 16:55
    VLAI
    Summary
    An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper Validation of Array Index
    Assigner
    Impacted products
    Vendor Product Version
    Ichitaro 2023 Ichitaro 2023 Affected: 1.0.1.59372
    Create a notification for this product.
    Credits
    Discovered by a member of Cisco Talos.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:23:59.476Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825"
              },
              {
                "name": "https://jvn.jp/en/jp/JVN28846531/index.html",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN28846531/index.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1825"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35126",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T19:10:44.900753Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T19:12:25.611Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ichitaro 2023",
              "vendor": "Ichitaro 2023",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1.59372"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by a member of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds write vulnerability exists within the parsers for both the \"DocumentViewStyles\" and \"DocumentEditStyles\" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129: Improper Validation of Array Index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-19T16:05:06.477Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN28846531/index.html",
              "url": "https://jvn.jp/en/jp/JVN28846531/index.html"
            },
            {
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1825"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2023-35126",
        "datePublished": "2023-10-19T16:02:29.998Z",
        "dateReserved": "2023-07-31T21:52:03.187Z",
        "dateUpdated": "2025-02-13T16:55:47.722Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36344 (GCVE-0-2022-36344)

    Vulnerability from cvelistv5 – Published: 2022-08-16 07:03 – Updated: 2024-08-03 10:00
    VLAI
    Summary
    An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.
    Severity
    No CVSS data available.
    CWE
    • Unquoted Search Path or Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    JustSystems Corporation JustSystems JUST Online Update for J-License' Affected: JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:00:04.308Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.justsystems.com/jp/corporate/info/js22001.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN57073973/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "JustSystems JUST Online Update for J-License\u0027",
              "vendor": "JustSystems Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unquoted search path vulnerability exists in \u0027JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T07:03:05.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.justsystems.com/jp/corporate/info/js22001.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN57073973/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-36344",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "JustSystems JUST Online Update for J-License\u0027",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "JustSystems Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unquoted search path vulnerability exists in \u0027JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Unquoted Search Path or Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.justsystems.com/jp/corporate/info/js22001.html",
                  "refsource": "MISC",
                  "url": "https://www.justsystems.com/jp/corporate/info/js22001.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN57073973/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN57073973/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-36344",
        "datePublished": "2022-08-16T07:03:05.000Z",
        "dateReserved": "2022-07-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:00:04.308Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10870 (GCVE-0-2017-10870)

    Vulnerability from cvelistv5 – Published: 2017-11-02 15:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file.
    Severity
    No CVSS data available.
    CWE
    • Memory Corrution vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    Justsystem Rakuraku Hagaki Affected: Rakuraku Hagaki 2018
    Affected: Rakuraku Hagaki 2017
    Affected: Rakuraku Hagaki 2016
    Create a notification for this product.
    Justsystem Rakuraku Hagaki Select for Ichitaro Affected: Ichitaro 2017
    Affected: Ichitaro 2016
    Affected: Ichitaro 2015
    Affected: Ichitaro Pro3
    Affected: Ichitaro Pro2
    Affected: Ichitaro Pro
    Affected: Ichitaro 2011
    Affected: Ichitaro Government 8
    Affected: Ichitaro Government 7
    Affected: Ichitaro Government 6
    Affected: Ichitaro 2017 Trial version
    Create a notification for this product.
    Date Public
    2017-11-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.579Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU93703434/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.justsystems.com/jp/info/js17003.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rakuraku Hagaki",
              "vendor": "Justsystem",
              "versions": [
                {
                  "status": "affected",
                  "version": "Rakuraku Hagaki 2018"
                },
                {
                  "status": "affected",
                  "version": "Rakuraku Hagaki 2017"
                },
                {
                  "status": "affected",
                  "version": "Rakuraku Hagaki 2016"
                }
              ]
            },
            {
              "product": "Rakuraku Hagaki Select for Ichitaro",
              "vendor": "Justsystem",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ichitaro 2017"
                },
                {
                  "status": "affected",
                  "version": "Ichitaro 2016"
                },
                {
                  "status": "affected",
                  "version": "Ichitaro 2015"
                },
                {
                  "status": "affected",
                  "version": "Ichitaro Pro3"
                },
                {
                  "status": "affected",
                  "version": "Ichitaro Pro2"
                },
                {
                  "status": "affected",
                  "version": "Ichitaro Pro"
                },
                {
                  "status": "affected",
                  "version": "Ichitaro 2011"
                },
                {
                  "status": "affected",
                  "version": "Ichitaro Government 8"
                },
                {
                  "status": "affected",
                  "version": "Ichitaro Government 7"
                },
                {
                  "status": "affected",
                  "version": "Ichitaro Government 6"
                },
                {
                  "status": "affected",
                  "version": "Ichitaro 2017 Trial version"
                }
              ]
            }
          ],
          "datePublic": "2017-11-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Memory Corrution vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-02T14:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/vu/JVNVU93703434/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.justsystems.com/jp/info/js17003.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-10870",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rakuraku Hagaki",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Rakuraku Hagaki 2018"
                              },
                              {
                                "version_value": "Rakuraku Hagaki 2017"
                              },
                              {
                                "version_value": "Rakuraku Hagaki 2016"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rakuraku Hagaki Select for Ichitaro",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ichitaro 2017"
                              },
                              {
                                "version_value": "Ichitaro 2016"
                              },
                              {
                                "version_value": "Ichitaro 2015"
                              },
                              {
                                "version_value": "Ichitaro Pro3"
                              },
                              {
                                "version_value": "Ichitaro Pro2"
                              },
                              {
                                "version_value": "Ichitaro Pro"
                              },
                              {
                                "version_value": "Ichitaro 2011"
                              },
                              {
                                "version_value": "Ichitaro Government 8"
                              },
                              {
                                "version_value": "Ichitaro Government 7"
                              },
                              {
                                "version_value": "Ichitaro Government 6"
                              },
                              {
                                "version_value": "Ichitaro 2017 Trial version"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Justsystem"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Memory Corrution vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/vu/JVNVU93703434/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/vu/JVNVU93703434/index.html"
                },
                {
                  "name": "https://www.justsystems.com/jp/info/js17003.html",
                  "refsource": "MISC",
                  "url": "https://www.justsystems.com/jp/info/js17003.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-10870",
        "datePublished": "2017-11-02T15:00:00.000Z",
        "dateReserved": "2017-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.579Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }